WMF Flaw Can't Wait for Microsoft Fix, Researchers Say
Peter Sayer writes in InfoWorld:
Users of the Windows OS should install an unofficial security patch now, without waiting for Microsoft to make its move, security researchers at The SANS Institute's Internet Storm Center (ISC) advised on Sunday.
Their recommendation follows a new wave of attacks on a flaw in the way versions of Windows from 98 through XP handle malicious files in the WMF (Windows Metafile) format. One such attack arrives in an e-mail message entitled "happy new year," bearing a malicious file attachment called "HappyNewYear.jpg" that is really a disguised WMF file, security research companies including iDefense and F-Secure said Sunday. Even though the file is labelled as a JPEG, Windows recognizes the content as a WMF and attempts to execute the code it contains.
0 Comments:
Post a Comment
<< Home